[Pkg-shadow-commits] r204 - trunk/debian
Christian Perrier
pkg-shadow-devel@lists.alioth.debian.org
Wed, 08 Jun 2005 21:14:34 +0000
Author: bubulle
Date: 2005-06-08 21:14:33 +0000 (Wed, 08 Jun 2005)
New Revision: 204
Modified:
trunk/debian/changelog
trunk/debian/login.defs
Log:
Add a omment about possible sensitive information exposure if
LOG_UNKFAIL_ENAB is set. Closes: #298773
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2005-06-08 21:08:31 UTC (rev 203)
+++ trunk/debian/changelog 2005-06-08 21:14:33 UTC (rev 204)
@@ -1,6 +1,9 @@
shadow (1:4.0.3-36) UNRELEASED; urgency=low
* Debian packaging fixes:
+ - Add a comment about potential sensitive information exposure
+ when LOG_UNKFAIL_ENAB is set in login.defs
+ Closes: #298773
* Debconf translation updates:
- Estonian added. Close: #312471
* Man pages translation updates:
Modified: trunk/debian/login.defs
===================================================================
--- trunk/debian/login.defs 2005-06-08 21:08:31 UTC (rev 203)
+++ trunk/debian/login.defs 2005-06-08 21:14:33 UTC (rev 204)
@@ -49,6 +49,9 @@
#
# Enable display of unknown usernames when login failures are recorded.
#
+# WARNING: Unknown usernames may become world readable.
+# See #290803 and #298773 for details about how this could become a security
+# concern
LOG_UNKFAIL_ENAB no
#